“United States adversaries are launching increasingly sophisticated cyberattacks on the complicated web of networked systems upon which our military relies,” explained Robert W. Twitchell, Jr., President and CEO of Dispersive Technologies. “These attacks impair connectivity, degrade mission effectiveness and threaten lives.
“While the means of cyber attacks vary, the pattern of targets has been relatively consistent. Large databases, as well as point-of-sale systems, continue to be targeted for financial gain. Hackers with possible ties to nation-states continue to target infrastructure as well as systems for political insight,” writes Riley Walters in Heritage.
Twitchell, a subject matter expert for the Department of Defense, feels innovation is crucial to defeating cyberterrorists. “Whether it’s the military, government or corporate world, everyone has relied on basically the same network defense capabilities for years,” he said. “Not surprisingly, rogue nations and hackers have developed a playbook for how to hack U.S. networks. As the headlines reflect, they’re succeeding.
Dispersive Technologies, Inc. won the Most Innovative Solution award at the Armed Forces Communications and Electronics Association (AFCEA) Defensive Cyber Operations Symposium in Washington, D.C. April 20-22, 2016.
The Dispersive Technologies company has developed a unique approach to cybersecurity, inspired by military frequency hopping spread-spectrum technique, wherein a signal is transmitted in short bursts, “hopping” between frequencies in a pseudo-random sequence. Only the receiving radio possessing that code is able to can receive the signal properly, for any other eveteaser the signal appears as noise.
As long as humans are writing software, there will be coding mistakes for malicious hackers to exploit. A single bug can open the door to attackers deleting files, copying credit card numbers or carrying out political mischief. A new program called Shuffler tries to preempt attacks on code errors by allowing programs to continuously scramble their code as they run, effectively closing the window of opportunity for an attack.
“Shuffler makes it nearly impossible to turn a bug into a functioning attack, defending software developers from their mistakes,” said the study’s lead author, David Williams-King, a graduate student at Columbia Engineering. “Attackers are unable to figure out the program’s layout if the code keeps changing.”
New Software Continuously Scrambles Code to Foil Cyber Attacks
Even after repeated debugging, software typically contains up to 50 errors per 1,000 lines of code, each a potential avenue for attack. Though security defenses are constantly evolving, attackers are quick to find new ways in.
In the early 2000s, computer operating systems adopted a security feature called address space layout randomization, or ASLR. This technique rearranges memory when a program launches, making it harder for hackers to find and reuse existing code to take over the machine. But hackers soon discovered they could exploit memory disclosure bugs to grab code fragments once the program was already running.
Shuffler was developed to deflect this latter style of code-reuse attack. It takes ASLR’s code-scrambling approach to the extreme by randomizing small blocks of code every 20 to 50 milliseconds, imposing a severe deadline on would-be attackers. Until now, shifting around running code as a security measure was thought to be technically impractical because existing solutions require specialized hardware or software.
“By the time the server returns the information the attacker needs, it is already invalid—Shuffler has already relocated the respective code snippets to different memory locations,” said study coauthor Vasileios Kemerlis, a computer science professor at Brown University.
Designed to be user-friendly, Shuffler runs alongside the code it defends, without modifications to program compilers or the computer’s operating system. It even randomizes itself to defend against possible bugs in its own code.
The researchers say Shuffler runs faster and requires fewer system changes than similar continuous-randomization software such TASR and Remix, developed at MIT Lincoln Labs and Florida State University respectively.
On computation-heavy workloads, Shuffler slows programs by 15 percent on average, but at larger scales—a webserver running on 12 CPU cores, for example—the drop in performance is negligible, the researchers say.
This versatility means that software distributors as well as security-conscious individuals could be potential end users. “It’s the first system that is trying to be a serious defense that people can use, right now,” said Williams-King.
“Billions of lines of vulnerable code are out there,” said the study’s senior author, Junfeng Yang, a computer science professor at Columbia Engineering and member of the Data Science Institute. “Rather than finding every bug or rewriting all billions of lines of code in safer languages, Shuffler instantly lets us build a stronger defense.
The study is titled “Shuffler: Fast and Deployable Continuous Code Re-Randomization.” The other authors are Graham Gobieski, James Blake, Xinhao Yuan and Michelle Zheng, of Columbia; and Kent Williams-King, Patrick Colp and William Aiello, of the University of British Columbia.
Network Obfuscation To Confuse And Deceive The Adversary
Dispersive Technologies, Inc. (www.dispersivetechnologies.com) won the Most Innovative Solution award at the Armed Forces Communications and Electronics Association (AFCEA) Defensive Cyber Operations Symposium in Washington, D.C. April 20-22, 2016.
Dispersive™ Virtualized Networks mask cyber personas and disguise the points of origin and communications by veiling IP addresses, ports and geographic areas of operations. This solution yields high, tangible benefits to our military by allowing it to monitor adversaries’ networks and websites anonymously and by obfuscating IP attribution for network traffic.
Virtual Dispersive Networking (VDN)
Dispersive’s innovative technology divides data into smaller, non-duplicated independent streams; rolls the independent paths dynamically based on bandwidth availability, quality of line and other factors; and reassembles the data at the recipient’s device. It can encrypt each component message separately and even route them over different protocols following independent paths.
VDN was developed as a military grade solution to create a virtual network built on top of existing physical networks that can provide a secure communications mechanism for data and control information transmitted between networks,
Many hackers employ ‘Man in the Middle’ (MiM) attacks. MiM is a form of eavesdropping where the attacker makes independent connections with the victims on either end and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Dispersing the data over multiple paths eliminates the Man-in-the-Middle threat. Hackers can only obtain small pieces of the original file on any given pathway, rendering any data obtained meaningless.
The path, encryption, port and IP addresses are continuously shifting greatly increasing the complexity and time required for an intruder to find and decrypt traffic
Data Integrity and Identification Verification.
Only other trusted peer VDN communication is recognized preventing an intruder from posing as a legitimate user. Watermarked packets ensure data integrity and identity verification.
Increased Availability & Resiliency
VDN greatly improves availability by providing authorized users access through any VDN enabled device. VDN utilizes existing networks, reducing the hardware requirements of a VPN configured network
Reliability and Resilience go hand in hand. When a connection is lost on any one of several open pathways, data packets are then rerouted to an already existing path, or an additional path is established—resulting in negligible network downtime.
Improved Speed / Performance
VDN traffic is dispersed over multiple independent paths using unique methods, increasing available bandwidth and optimizing data flows on individual pathways. Hence, speed and performance are increased.